package com.kqzz.common.config.xss;

import org.apache.commons.lang.StringUtils;

import cn.hutool.core.util.StrUtil;

public class SQLFilter {

    /** Characters removed from the input before the keyword check: ' " ; and \ . */
    private static final String[] STRIPPED_CHARS = { "'", "\"", ";", "\\" };

    /**
     * Keywords compared case-insensitively against the whole stripped string. The
     * comparison is equality, not "contains": "select" is rejected, "select 1" is
     * passed through. "alert" looks like it may have been meant as "alter" — confirm
     * with the call sites before changing it, since that changes which values are blanked.
     */
    private static final String[] KEYWORDS = { "master", "truncate", "insert", "select", "delete", "update",
            "declare", "alert", "create", "drop" };

    /**
     * SQL injection filter (blacklist style).
     * <p>
     * Strips the characters in {@link #STRIPPED_CHARS} and blanks the value if what is
     * left equals one of {@link #KEYWORDS} ignoring case. This is character and keyword
     * stripping only; it does not make string-built SQL safe. Statements that take this
     * value should still be parameterised ({@code PreparedStatement} with {@code ?}) —
     * this method is at most a defence-in-depth step in front of that.
     *
     * @param str the string to check; may be {@code null}
     * @return {@code null} when {@code str} is {@code null}, empty or whitespace-only;
     *         {@code ""} when the stripped string equals a keyword ignoring case;
     *         otherwise {@code str} with the four characters removed
     */
    public static String sqlInject(String str) {
        if (isBlank(str)) {
            return null;
        }
        String cleaned = str;
        for (String ch : STRIPPED_CHARS) {
            cleaned = cleaned.replace(ch, "");
        }
        // Deliberately not lower-cased: that would change the value handed back to the caller.
        for (String keyword : KEYWORDS) {
            if (cleaned.equalsIgnoreCase(keyword)) {
                return "";
            }
        }
        return cleaned;
    }

    /** True when {@code s} is null, empty, or consists only of {@link Character#isWhitespace} chars. */
    private static boolean isBlank(String s) {
        if (s == null) {
            return true;
        }
        for (int i = 0; i < s.length(); i++) {
            if (!Character.isWhitespace(s.charAt(i))) {
                return false;
            }
        }
        return true;
    }
}
